Microsoft Microsoft Certifications AZ-800 Questions & Answers

• Question 131:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using

  DEFAULTIPSITELINK.

  You open a new branch office that contains only client computers.

  You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

  Solution: You create a new subnet object that is associated to Site1.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  Yes, creating a new subnet object that is associated with Site1 would meet the goal of ensuring that client computers in the new office are primarily authenticated by the domain controllers in Site1. When a client computer requests authentication, Active Directory will use the subnet-to-site association to determine which site the client computer is in, and will then direct the authentication request to a domain controller in that site. By associating the new subnet with Site1, client computers in the new office will be directed to authenticate with domain controllers in Site1.

• Question 132:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.

  You need to identify which server is the PDC emulator for the domain.

  Solution: from Active Directory Users and Computers, you right-click contoso.com in the console tree, and then select Operations Master

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  As xrisimix said; Operation Masters and then PDC tab

• Question 133:

  Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains the servers shown in the following exhibit table.

  

  You plan to install a line-of-business (LOB) application on Server1. The application will install a custom Windows service.

  A new corporate security policy states that all custom Windows services must run under the context of a group managed service account (gMSA). You deploy a root key.

  You need to create, configure, and install the gMSA that will be used by the new application.

  Which two actions should you perform? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point

  A. On Server1, run the setspncommand.

  B. On DC1, run the New-ADServiceAccountcmdlet.

  C. On Server1, run the Install-ADServiceAccountcmdlet.

  D. On Server1, run the Get-ADServiceAccountcmdlet.

  E. On DC1, run the Set-ADComputercmdlet.

  F. On DC1, run the Install-ADServiceAccountcmdlet.

  Correct Answer: BC

• Question 134:

  Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.

  You need to minimize the latency for changes to Active Directory.

  What should you do?

  A. For each site links, modify the site link costs.

  B. Create a site link bridge that contains all the site links.

  C. For each site link, modify the optionsattribute.

  D. For each site link, modify the replication schedule.

  Correct Answer: C

  Reconfigure the link site option to use notification.

  Details: Active Directory - Change Notification (Inter-Site Replication)

  Since we know Active Directory, we know also that its replication works automatically between the domain controllers. The lowest value of this replication schedule is 15 minutes. You can't get lower. If there aren't that many frequent changes,

  or the active directory site is not large (probably with only one site) then this value should work for you.

  But what if your active directory environment is larger? What if you have more than one site, on different locations, with different networks? Or what if you’ve got some remotedesktop services running in your main site and some users working

  with them in a branch office? What about the “I forgot my password” cases?

  Well, there is a solution for you. We can tune-up the Active Directory Inter-Site Replication. The inter-site replication works also automatically, and you can also schedule the replication only for 15 minutes. But there are some settings we can

  tweak to get the domain controllers pulling the changes made recently.

  1.

  First open “Active Directory Sites and Services” on your primary domain controller (that's the icon with the blue “building”).

  2.

  Let's start now with the tuning operation. Expand “Sites” and “Inter-Site Transports” (if you haven't already). Click on the IP folder.

  3.

  Now right-click (or double-click) on your site link on the right hand side. If you did not rename it, it's just the DEFAULTIPSITELINK. Then click “Properties”. Then click on the “Attribute Editor” tab.

  4.

  The attribute we should edit is called “options”.

  We now have to change this attribute to a specific value which allows us to tweak the inter-site replication.

  Value,

  1 USE_NOTIFY (use this setting!)

  2 TWOWAY_SYNC

  4 DISABLE_COMPRESSION

  Incorrect:

  Not B: Two scenarios in which you need a site link bridge design to control replication flow include controlling replication failover and controlling replication through a firewall.

  Not D: The minimal replication schedule is 15 minutes. When you use manual site link replication interval is set to 15 minutes and cannot be lowered further.

  Reference: https://www.driftar.ch/2016/10/26/active-directory-change-notification-inter-site-replication/

• Question 135:

  Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 10 servers that run Windows Server. The servers have static IPv4 addresses.

  You plan to use DHCP to assign IPv4 addresses to the servers.

  You need to ensure that each server always receives the same IPv4 address.

  Which type of identifier should you use to create a DHCP reservation for each server?

  A. fully qualified domain name (FQDN)

  B. universally unique identifier (UUID)

  C. NetBIOS name

  D. MAC address

  Correct Answer: D

  How to Reserve IP Address on Windows Server DHCP?

  DHCP reservation is the creation of a special entry on the DHCP server. Thanks to this, the same IP address from the DHCP scope address pool will be issued for a specific device (MAC address).

  To create a new reservation, right-click the Reservations section in the DHCP console and select New Reservation.

  Fill in the following fields in the New reservation window:

  Reservation name: specify the network name of the device;

  IP address: specify the IP address from your DHCP scope that you want to assign to the device;

  MAC address: use the physical device address obtained earlier;

  Descriptions: provide a description of the device (optional).

  Reference:

  https://theitbros.com/reserve-ip-address-dhcp/

• Question 136:

  Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers.

  You plan to store a DNS zone in a custom Active Directory partition.

  You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.

  What should you use?

  A. Active Directory Administrative Center

  B. Set-DnsServer

  C. New-ADObject

  D. ntdsutil.exe

  Correct Answer: D

  You can create DNS application directory partition to host DNS zone containing user account entries with the use of NTDSUTIL.EXE and DNSMGMT.MSC tools.

  Note 1: You can also create a custom Active Directory partition by using the DnsCmd command.

  Note 2: Implementing DNS Application Directory Partition

  1.

  Login to the forest root domain controller using your forest root domain admin account or enterprise administrator account

  2.

  Start the command prompt.

  3.

  Type NTDSUTIL and hit enter

  4.

  Type PARTITION MANAGEMENT and hit enter

  5.

  Type CONNECTIONS and hit enter

  6.

  Type CONNECT TO SERVER or

  ex. CONNECT TO SERVER DC01.AMRS.SYNERGIX.DS

  1.

  Type QUIT

  2.

  Type LIST to view all known naming contexts

  3.

  Type CREATE NC DC=dnsADPUsers,DC=Local domainControllerFQDN

  ex. CONNECT TO SERVER DC01.AMRS.SYNERGIX.DS

  1.

  Type LIST to view all previously known naming context and the newly created DC=dnsADPUsers,DC=Local naming context

  2.

  Do NOT add another replica for the naming context DC=dnsADPUsers,DC=Local

  This DNS Application Directory Partition is for a special purpose DNS zone and we wish to avoid Active Directory Replication delays. A backup of this DNS zone's content can be maintained in a secondary DNS zone on any DNS server.

  Reference:

  https://synergixdesk.zendesk.com/hc/en-us/articles/202927548-Create-DNS-application-directory-partition-to-host-DNS-zone-containing-user-account-entries

• Question 137:

  Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers.

  You plan to store a DNS zone in a custom Active Directory partition.

  You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.

  What should you use?

  A. dnscmd.exe

  B. Active Directory Sites and Services

  C. Set-DnsServer

  D. DNS Manager

  Correct Answer: A

  How to create and apply a custom application directory partition on an Active Directory integrated DNS zone

  You can create a custom Active Directory partition by using the DnsCmd command.

  Create an application directory partition by using the DnsCmd command

  Use the DnsCmd command to create an application directory partition. To do this, use the following syntax:

  DnsCmd ServerName /CreateDirectoryPartition FQDN of partition

  To create an application directory partition that is named CustomDNSPartition on a domain controller that is named DC-1, follow these steps:

  1.

  Click Start, click Run, type cmd, and then click OK.

  2.

  Type the following command, and then press ENTER:

  dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com

  When the application directory partition has been successfully created, the following information appears:

  DNS Server DC-1 created directory partition: CustomDNSPartition.contoso.com Command completed successfully.

  Reference:

  https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/create-apply-custom-application-directory-partition

• Question 138:

  You have an Azure subscription that contains the virtual networks shown in the following table.

  

  You deploy a virtual machine named VM1 that runs Windows Server. VM1 is connected to Subnet11.

  You plan to add an additional network interface named NIC1 to VM1.

  To which subnets can NIC1 be attached?

  A. Subnet11 only

  B. Subnet12 only

  C. Subnet11 and Subnetl2 only

  D. Submet12 and Subnet21 only

  E. Subnet11, Subnet12, Subnet21, and Subnet31

  Correct Answer: C

  C: is correct, it is possible to attach many NICs to the same subnet so additional NIC to subnet11 is also possible.

• Question 139:

  You have an on-premises server named Server1 that runs Windows Server. You have an Azure subscription that contains a virtual network named VNet1. You need to connect Server1 to VNet1 by using Azure Network Adapter. What should you use?

  A. the Azure portal

  B. Azure AD Connect

  C. Device Manager

  D. Windows Admin Center

  Correct Answer: D

  Connect standalone servers by using Azure Network Adapter.

  You can connect an on-premises standalone server to Microsoft Azure virtual networks by using the Azure Network Adapter that you deploy through the Windows Admin Center (WAC).

  Use a Windows Server with Windows Admin Center installed to deploy the Azure Network Adapter.

  Reference:

  https://learn.microsoft.com/en-us/azure/architecture/hybrid/azure-network-adapter

• Question 140:

  You have two servers that have the Hyper-V server role installed. The servers are joined to a failover cluster. Both servers can connect to the same disk on an iSCSI storage device.

  You plan to use the iSCSI storage to store highly available Hyper-V virtual machines that will support live migration functionally.

  You need to configure a storage resource in the failover cluster to store the virtual machines.

  What should you configure?

  A. Cluster Shared Volumes (CSV)

  B. Distributed File System (DFS) Replication

  C. a storage pool

  D. a mirrored volume

  Correct Answer: A